DDOS ATTACK (Syllabus: GS Paper 3 – Cyber Security)

News-CRUX-10, 14th August 2024

Context: Billionaire Elon Musk hosted former US President Donald Trump on his social media platform X for a live audio interview, but the conversation faced a 40-minute delay and several glitches due to what appeared to be a "massive DDoS attack on X."


DDoS Attack

  • Definition: A Denial-of-Service (DoS) attack occurs when a website or online service becomes inaccessible due to targeted attacks by a malicious actor.
  • Method of Attack: The attack involves directing a large number of users to a specific online server simultaneously to "flood" it.
  • Role of IP Addresses: Computers connect to the Internet using unique Internet Protocol (IP) addresses, and data exchanged is broken into smaller chunks called "packets."
  • Characteristics: A Distributed Denial-of-Service (DDoS) attack involves multiple sources targeting one system, making it difficult to identify the attacker.


How DoS and DDoS attacks work

  • Different Methods: DoS attacks can be executed using various techniques, each designed to overwhelm the target and disrupt normal operations.
  • Botnets: Attackers often deploy botnets, which are networks of compromised devices, to execute large-scale attacks.
  • Smurf Attack: In a Smurf Attack, attackers send ICMP broadcast packets to multiple hosts. The ICMP protocol is typically used to communicate data transmission errors, but here it is exploited for malicious purposes.
  • Spoofed IP Address: Attackers forge the source IP address of these packets so that it belongs to the target machine. When the receiving hosts reply to that spoofed address, their replies inadvertently flood the target, producing a DDoS attack.
  • SYN Flood: A SYN flood occurs when an attacker sends connection requests to a target server without completing the connection handshake. This disrupts the server’s ability to process legitimate connections.
  • Overloading Servers: By sending multiple incomplete connection requests, attackers create a heavy load on the server, making it difficult for the server to handle legitimate traffic efficiently.
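The two techniques above leave recognisable traces on the victim's side: SYNs that are never followed by the client's final ACK (half-open connections), and ICMP echo replies arriving from many distinct hosts that the victim never pinged. The following is an added illustration, not part of the original note; the packet summaries are constructed, the IP addresses are documentation ranges, and the thresholds are assumed values a defender would tune to their own baseline.

```python
from collections import defaultdict

# Constructed packet summaries (not a real capture): (proto, src, dst, flags).
# TCP flags: "S" = client SYN, "SA" = server SYN-ACK, "A" = client's final ACK.
# For ICMP the flags field holds the message type, here "echo-reply".
VICTIM = "198.51.100.10"
PACKETS = [
    ("tcp", "203.0.113.5", VICTIM, "S"),
    ("tcp", VICTIM, "203.0.113.5", "SA"),
    ("tcp", "203.0.113.5", VICTIM, "A"),        # one legitimate, completed handshake
]
# SYN flood: 40 spoofed sources each send a SYN and never finish the handshake.
PACKETS += [("tcp", f"192.0.2.{i}", VICTIM, "S") for i in range(1, 41)]
# Smurf reflection: 30 hosts answer a broadcast ping whose source was forged as the victim.
PACKETS += [("icmp", f"192.0.2.{i}", VICTIM, "echo-reply") for i in range(1, 31)]


def half_open_by_target(packets):
    """Count (src, dst) pairs that sent a SYN but never sent the final ACK, per target."""
    pending = set()
    for proto, src, dst, flags in packets:
        if proto != "tcp":
            continue
        if flags == "S":
            pending.add((src, dst))
        elif flags == "A":
            pending.discard((src, dst))   # handshake completed, no longer half-open
    counts = defaultdict(int)
    for _, dst in pending:
        counts[dst] += 1
    return dict(counts)


def syn_flood_targets(packets, threshold=20):
    """Targets whose half-open connection count exceeds the assumed threshold."""
    return sorted(t for t, n in half_open_by_target(packets).items() if n >= threshold)


def smurf_targets(packets, min_repliers=10):
    """Targets receiving ICMP echo replies from many distinct hosts at once."""
    repliers = defaultdict(set)
    for proto, src, dst, flags in packets:
        if proto == "icmp" and flags == "echo-reply":
            repliers[dst].add(src)
    return sorted(d for d, s in repliers.items() if len(s) >= min_repliers)


if __name__ == "__main__":
    print("half-open per target:", half_open_by_target(PACKETS))
    print("SYN flood targets:", syn_flood_targets(PACKETS))
    print("smurf targets:", smurf_targets(PACKETS))
```

On the constructed data the victim shows 40 half-open connections and 30 distinct echo repliers, so both detectors flag it, while the first three packets alone (a normal handshake) trigger neither.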